17 endpoint security packages for Windows 11 put to the test
When experts speak of endpoints, they are normally referring to employee Windows PCs – the largest attack surface in company environments. That is why perfect protection for these devices is essential. In its latest evaluation, the AV-TEST Institute tested 17 Windows solutions for endpoint PCs for corporate users. In addition to the protection the software provides, its performance on office PCs and its susceptibility to false alarms were tested. Over 20,000 malware samples and 900,000 innocuous files were used in the test. The findings demonstrate how well the security vendors perform and how reliably they secure the Windows 11 client PCs of employees.
Companies continue to be attractive targets for cyberattacks. For corporations and SMEs, robust cyber resilience is a necessity in protecting their data and business secrets, along with compliance with many data protection standards, such as the GDPR or the pending NIS2. That is why flawless protection of employee PCs is a particular focus. In their test series for office PCs running on Windows 11, the security experts from AV-TEST tested and certified a total of 17 protection solutions. In March and April 2025, 17 products were rigorously tested under Windows for their protection, performance and usability. The lab used more than 20,000 malware samples to test defensive capabilities and almost 900,000 harmless files to check for false positives.
17 endpoint solutions put to the test
The tested products came from the following security vendors: Avast, Bitdefender, Check Point, ESET, HP Security, Huawei, Kaspersky (with 2 versions), Legendsec, Microsoft, Microworld, Qualys, Seqrite, Sophos, Symantec, Trellix and WithSecure.
A product can receive up to 6 points in each category. Thus, the top score for the three categories in the test is 18 points. Every product passing the test receives the "Approved Corporate Endpoint Protection" security certificate. Products achieving 18 or at least 17.5 points in the final score earn the special TOP PRODUCT recognition in addition to the certificate.
The security products for companies are evaluated in the configuration specified by the vendor. Currently available product versions are always used for testing. They can install online updates and query their cloud-based services at any time.
To make them more comprehensible and transparent, the tests are conducted according to the AMTSO (Anti-Malware Testing Standards Organization) standard. Tests recognized by this international organization are known for methods that uphold the specified standards in terms of objectivity, quality and relevance of anti-malware tests. That is why each test is documented with a reference number in a database.
Windows 11 endpoints subjected to over 20,000 malware samples
The laboratory evaluated the protection capabilities of the solutions in two phases. In the first part, the real-world test, the lab tested the solutions with so-called 0-day malware. In the second phase, the lab used a reference set with recently uncovered malware. The tests for protection were carried out in March and April 2025 under Windows 11. Because both phases were run in each of the two months, four ratings are listed in the table showing the detection scores.
In the real-world test, involving nearly 1,400 samples of zero-day malware, and in the test with the reference set and its nearly 19,000 viruses, Trojans etc., these 11 products detected 100 percent of the attackers: Avast, Bitdefender, ESET, HP Security, Kaspersky (both versions), Legendsec, Microsoft, Symantec, Trellix and WithSecure. Qualys came in just shy of the top score in one section, achieving a detection rate of 99.9 percent.
Sophos, Huawei, Microworld and Seqrite yielded similar results. They all committed minor errors in individual test months in the real-world test or in the reference set. Nevertheless, it was enough for all of them to score a full 6 points for protection.
Only Check Point made too many errors in all sections and only achieved levels of 98.2 to 99.4 percent. That is clearly not enough. This is why the product only achieved 4 out of a possible 6 points.
Slow and fast office PCs
Each product requires a certain amount of Windows system resources for its protection function. However, the system load should be as low as possible. To check this, the test experts use a simple office PC and a high-end PC running on Windows 11. The experts then perform downloads, install applications and launch them. Finally, they copy large volumes of data locally onto the PC and onto the network. The time required for these operations serves as the reference value: all operations are then repeated and evaluated with a protection solution installed.
The products from Avast, Kaspersky (both versions), Legendsec, Microsoft, Qualys, Seqrite, Trellix and WithSecure worked totally silently in the background. This earned them the full 6 points.
Some products stood out due to a slightly higher system load, and each received a half point deduction for this. They only achieved 5.5 points in the evaluation: Bitdefender, ESET, HP Security, Huawei, Microworld, Sophos and Symantec.
Check Point's solution was also conspicuous in this test section, as it required far too many system resources, slowing down the test PCs. It was left with only 4 out of 6 possible points.
False detections set off alarms
If a solution sounds an alarm in a company, it can bring an entire department or more to a screeching halt. That is why an endpoint solution should distinguish precisely which data is harmless and which is dangerous. To test this, the experts surfed 500 websites, carried out downloads, installed applications and launched them. In the last phase, the experts loaded over 900,000 harmless files onto the test systems.
Despite the bulk of the files, some protection solutions only blocked one or two programs. For this they received the full 6 points in terms of the protection score. Only the product from Legendsec blocked a few more applications after installation and launch, scoring only 5.5 points.
More security for company PCs
The outcome in the March-April 2025 test was perfect for many endpoint solutions. The products from Avast, Kaspersky (with both versions), Microsoft, Qualys, Seqrite, Trellix and WithSecure completed the test with the highest score of 18. Coming in close behind with 17.5 points were the security suites from Bitdefender, ESET, HP Security, Huawei, Legendsec, Microworld, Sophos and Symantec. In addition to the "Approved Corporate Endpoint Protection" security certificate, they all earned further recognition as a TOP PRODUCT.
Anyone keeping score will notice that 16 of the 17 endpoint solutions examined were clustered at the top of the test table. Only Check Point couldn't keep up in those test months and reached a final score of only 14 points.
With these results, security managers have a wide range of reliable products to choose from. In addition to these results, however, they ought to also consider the evaluations of the ongoing series of Advanced Threat Protection tests. In those tests, endpoint products have to prove in 10 live scenarios how they employ the latest technologies to fend off attacking ransomware and data stealers.